-*- text -*-
Time-stamp: <2005-09-15 10:08:47 by MC>

Greycheck Script for Exim
M.C. Widerkrantz, mc at hack.org

Greylisting daemon for use with a Mail Transfer Agent such as Exim.

greycheck.pl listens to a Unix domain stream socket for a triplet of
the form "MTA IP address, sender address, recipient address", then
looks up the triplet in a table. If the triplet is unknown, it inserts
it and timestamps it.  If it already exists, it compares timestamp +
waiting_time with the current wall time.

The script writes back "true" (as in true to greylist) on the socket
if the triplet was new or if the timestamp is too recent. It writes
"false" if the triplet was known and the agreed upon time
(waiting_time seconds) has passed.
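
The decision described above, modelled in Python as an added example.
This is not greycheck.pl or any code from this archive. The class name,
the 300 second waiting_time, the handling of malformed requests and the
purge() helper are assumptions made for illustration.

```python
import time

class Greylist:
    """Model of the triplet check described above (not greycheck.pl itself)."""

    def __init__(self, waiting_time=300, clock=time.time):
        self.waiting_time = waiting_time  # seconds a new triplet must wait (assumed value)
        self.clock = clock                # injectable so the logic can be tested
        self.table = {}                   # (ip, sender, recipient) -> first-seen time

    def check(self, request):
        """Return "true" (greylist, i.e. defer) or "false" (let through)."""
        fields = request.split()
        if len(fields) != 3:
            # Assumption: a malformed request is answered like a socket
            # failure in the Exim ACL, whose fail string is "true".
            return "true"
        triplet = tuple(fields)
        now = self.clock()
        first_seen = self.table.get(triplet)
        if first_seen is None:
            self.table[triplet] = now     # unknown: insert and timestamp
            return "true"
        if first_seen + self.waiting_time > now:
            return "true"                 # known, but retried too soon
        return "false"                    # known and waiting_time has passed

    def purge(self, max_age):
        """Drop entries older than max_age seconds (a maintenance job of the
        kind greymaint.pl is described as doing). Returns the number removed."""
        cutoff = self.clock() - max_age
        stale = [t for t, seen in self.table.items() if seen < cutoff]
        for t in stale:
            del self.table[t]
        return len(stale)
```

Because the table is keyed on the full triplet, the same sender writing
to a different recipient, or from a different host, starts a new wait.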

Be sure to run the script as the Exim user, since Exim is picky
about permissions on the socket.

Also note the accompanying greymaint.pl script that you should
insert into the crontab of the Exim user to do maintenance on the
greylist, e.g. to remove old entries.

If you want to test the script, you can start greycheck.pl and test it
with the testcheck.pl script.

You can use the script with an Exim configuration whose
acl_check_rcpt section is set up like the one below. This
configuration uses access control lists to ask the greycheck.pl script
if the MTA should let the message through.

You should set Exim to use this ACL check with

  acl_smtp_rcpt = acl_check_rcpt

higher up in the configuration, to trigger the ACL check when the MTA
receives a RCPT TO command.

----------------- 8< ----------------- 8< -----------------
acl_check_rcpt:
 defer
   message = Greylisted. Please try later.
   log_message    = greylisted.
   !senders       = :
   !hosts         = : +relay_from_hosts : \
                    ${if exists {/etc/mail/whitehosts.list} \
                                {/etc/mail/whitehosts.list}{}}
   !authenticated = *
   domains        = +local_domains : +relay_to_domains
   verify         = recipient

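   # The greycheck daemon will return the string "true" if the host
   # is greylisted and "false" if not.
   # If the socket cannot be read within the 5s timeout, readsocket
   # yields the fail string "true", so the message is deferred.
   condition      = ${readsocket{/etc/mail/grey/greysock} \
                                 { $sender_host_address \
                                   $sender_address \
                                   $local_part@$domain \
                                 } \
                                 {5s}{}{true}}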
----------------- 8< ----------------- 8< -----------------

This piece of the Exim configuration also uses a list of known good
hosts, whitehosts.list. I have included a version of the file in this
archive.
